Last Updated: October 4th, 2025
Grapplers PerformX ("we," "us," or "our") is committed to protecting your privacy and personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
1. Information We Collect
1.1 Personal Information
We collect information that identifies you as an individual, including:
Name, email address, phone number
Mailing address and billing information
Date of birth and age
Account credentials (username and password)
Payment and billing information
1.2 Protected Health Information (PHI)
As a healthcare provider, we collect health information protected under HIPAA, including:
Medical history and current health conditions
Injury details and symptoms
Physical assessment data
Treatment plans and progress notes
Insurance information
Communication with healthcare providers
1.3 Technical Information
We automatically collect certain information when you visit our Site:
IP address and device identifiers
Browser type and version
Operating system
Pages visited and time spent on pages
Referring website addresses
Clickstream data
1.4 Video and Audio Recordings
During telehealth sessions, we may record video and audio for:
Treatment assessment purposes
Quality assurance
Professional training (with explicit consent)
1.5 Information from Third Parties
We may receive information from:
Referring healthcare providers
Insurance companies
Third-party payment processors
Social media platforms (if you choose to connect)
2. How We Use Your Information
2.1 To Provide Healthcare Services
Conduct assessments and diagnose injuries
Develop and implement treatment plans
Communicate with you about your care
Schedule appointments and send reminders
Process payments and billing
2.2 To Improve Our Services
Analyze usage patterns and trends
Conduct research and quality improvement initiatives
Develop new services and features
Train our staff and improve protocols
2.3 For Communication
Respond to your inquiries
Send appointment confirmations and reminders
Provide customer support
Send educational content and newsletters (with consent)
Notify you of changes to our services or policies
2.4 For Marketing
Send promotional materials about our services (with consent)
Display testimonials and success stories (with explicit consent)
Improve our marketing efforts and website
2.5 For Legal and Safety Purposes
Comply with legal obligations and regulations
Protect against fraud and security threats
Enforce our Terms of Use
Respond to legal requests and prevent harm
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process your information based on:
Consent: You have given clear consent for specific purposes
Contract: Processing is necessary to fulfill our services
Legal Obligation: We must comply with laws and regulations
Legitimate Interest: Processing is necessary for our legitimate business interests
4. How We Share Your Information
4.1 With Your Consent
We may share your information with third parties when you provide explicit consent.
4.2 Service Providers
We share information with third-party vendors who perform services on our behalf:
Video conferencing platforms (for telehealth sessions)
Payment processors
Email service providers
Customer relationship management (CRM) systems
Cloud storage providers
Analytics services
All service providers are contractually required to protect your information and use it only for the purposes we specify.
4.3 Healthcare Providers
We may share PHI with:
Referring physicians or specialists
Other healthcare providers involved in your care
Insurance companies for billing purposes
4.4 Legal Requirements
We may disclose information when required by law:
In response to subpoenas, court orders, or legal processes
To comply with regulatory requirements
To protect our rights, property, or safety
To prevent fraud or security threats
4.5 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.6 Aggregated or De-Identified Data
We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, marketing, or other purposes.
5. HIPAA Compliance
5.1 Notice of Privacy Practices
As a covered entity under HIPAA, we maintain a separate Notice of Privacy Practices that describes how we use and disclose Protected Health Information (PHI).
5.2 Your HIPAA Rights
Under HIPAA, you have the right to:
Access and obtain a copy of your health records
Request corrections to your health information
Request restrictions on how we use or disclose your PHI
Receive confidential communications
Receive a paper copy of our Notice of Privacy Practices
File a complaint if you believe your privacy rights have been violated
5.3 Business Associates
Third-party service providers who may access PHI have signed Business Associate Agreements (BAAs) as required by HIPAA.
6. Data Security
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your information:
Encryption of data in transit and at rest
Secure socket layer (SSL) technology
Firewalls and intrusion detection systems
Access controls and authentication
Regular security audits and assessments
Staff training on data protection
6.2 HIPAA-Compliant Platforms
We use HIPAA-compliant platforms for:
Telehealth video sessions
Electronic health records (EHR)
Email communications containing PHI
Cloud storage and backup
6.3 Limitations
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
7.1 Health Records
We retain health records in accordance with applicable laws and professional standards:
Medical records: Minimum 7 years after last treatment (or longer as required by state law)
Billing records: 7 years
Minor records: Until age of majority plus statute of limitations
7.2 Other Information
Account information: Duration of active account plus retention period for legal compliance
Technical data: Typically 12-24 months unless longer retention is required
7.3 Secure Deletion
When information is no longer needed, we securely delete or destroy it in accordance with our data retention policy and applicable laws.
8. Your Privacy Rights
8.1 Access and Portability
You have the right to:
Access the personal information we hold about you
Receive a copy of your information in a portable format
Request transfer of your information to another provider
8.2 Correction
You may request corrections to inaccurate or incomplete information.
8.3 Deletion
You may request deletion of your information, subject to:
Legal retention requirements
Legitimate business purposes
Ongoing treatment relationships
8.4 Restriction and Objection
You may:
Request restrictions on how we process your information
Object to processing based on legitimate interests
Opt-out of marketing communications
8.5 Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time.
8.6 Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
Essential Cookies: Required for site functionality
Analytics Cookies: Help us understand how visitors use our site
Marketing Cookies: Used to deliver relevant advertisements
Preference Cookies: Remember your settings and preferences
9.2 Third-Party Cookies
We may use third-party services that set cookies, including:
Google Analytics (website analytics)
Facebook Pixel (advertising)
HubSpot (customer relationship management)
9.3 Cookie Control
You can control cookies through your browser settings. Note that disabling certain cookies may affect site functionality.
9.4 Do Not Track
Our site does not currently respond to "Do Not Track" browser signals.
10. International Data Transfers
10.1 Cross-Border Transfers
If you are located outside the United States, your information may be transferred to and processed in the United States where our servers are located.
10.2 Safeguards
We implement appropriate safeguards for international transfers, including:
Standard contractual clauses approved by the European Commission
Adequacy decisions where applicable
Other legally recognized transfer mechanisms
10.3 EU-US Data Privacy Framework
[If applicable] We comply with the EU-US Data Privacy Framework as set forth by the US Department of Commerce.
11. Children's Privacy
11.1 Age Restrictions
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent.
11.2 Minors (13-17)
Services for minors aged 13-17 require parental or guardian consent. Parents/guardians have the right to review and request deletion of their child's information.
11.3 Parental Rights
If you believe we have collected information from a child under 13 without consent, please contact us immediately.
12. California Privacy Rights (CCPA)
12.1 California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information
Right to non-discrimination for exercising your rights
12.2 Shine the Light Law
California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.
12.3 How to Exercise Rights
To exercise your California privacy rights, contact us at hello@performxpt.com or call +1 (541) 327-4797.
13. Nevada Privacy Rights
Nevada residents have the right to opt-out of the sale of certain personal information to third parties. We do not currently sell personal information as defined by Nevada law. If you have questions, contact us at hello@performxpt.com.
14. Changes to This Privacy Policy
14.1 Updates
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting to our website.
14.2 Notification
We will notify you of material changes via:
Email to your registered address
Prominent notice on our website
In-app notification (if applicable)
14.3 Continued Use
Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.
15. Contact Us
15.1 Privacy Questions
If you have questions about this Privacy Policy or our privacy practices, contact us:
Grapplers PerformX
Email: hello@performxpt.com
Phone: +1 (541) 327-4797
Address: 1399 Monmouth St, Independence, OR 97351
15.2 HIPAA Privacy Officer
For questions about Protected Health Information or to exercise your HIPAA rights:
Privacy Officer
Email: privacy@performxpt.com
Phone: +1 (541) 327-4797
15.3 Data Protection Officer (EU/UK)
For EU/UK residents with data protection questions:
[Designate DPO contact information if applicable]
16. Your Consent
By using our website or services, you consent to our Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our services.
17. Accessibility
This Privacy Policy is available in accessible formats. If you need assistance accessing this document, please contact us at hello@performxpt.com.
IMPORTANT: This Privacy Policy should be read in conjunction with our Terms of Use and HIPAA Notice of Privacy Practices. In the event of a conflict between this Privacy Policy and the Notice of Privacy Practices regarding Protected Health Information, the Notice of Privacy Practices shall govern.
END OF PRIVACY POLICY
Last Updated: October 4th, 2025
Grapplers PerformX ("we," "us," or "our") is committed to protecting your privacy and personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
1. Information We Collect
1.1 Personal Information
We collect information that identifies you as an individual, including:
Name, email address, phone number
Mailing address and billing information
Date of birth and age
Account credentials (username and password)
Payment and billing information
1.2 Protected Health Information (PHI)
As a healthcare provider, we collect health information protected under HIPAA, including:
Medical history and current health conditions
Injury details and symptoms
Physical assessment data
Treatment plans and progress notes
Insurance information
Communication with healthcare providers
1.3 Technical Information
We automatically collect certain information when you visit our Site:
IP address and device identifiers
Browser type and version
Operating system
Pages visited and time spent on pages
Referring website addresses
Clickstream data
1.4 Video and Audio Recordings
During telehealth sessions, we may record video and audio for:
Treatment assessment purposes
Quality assurance
Professional training (with explicit consent)
1.5 Information from Third Parties
We may receive information from:
Referring healthcare providers
Insurance companies
Third-party payment processors
Social media platforms (if you choose to connect)
2. How We Use Your Information
2.1 To Provide Healthcare Services
Conduct assessments and diagnose injuries
Develop and implement treatment plans
Communicate with you about your care
Schedule appointments and send reminders
Process payments and billing
2.2 To Improve Our Services
Analyze usage patterns and trends
Conduct research and quality improvement initiatives
Develop new services and features
Train our staff and improve protocols
2.3 For Communication
Respond to your inquiries
Send appointment confirmations and reminders
Provide customer support
Send educational content and newsletters (with consent)
Notify you of changes to our services or policies
2.4 For Marketing
Send promotional materials about our services (with consent)
Display testimonials and success stories (with explicit consent)
Improve our marketing efforts and website
2.5 For Legal and Safety Purposes
Comply with legal obligations and regulations
Protect against fraud and security threats
Enforce our Terms of Use
Respond to legal requests and prevent harm
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process your information based on:
Consent: You have given clear consent for specific purposes
Contract: Processing is necessary to fulfill our services
Legal Obligation: We must comply with laws and regulations
Legitimate Interest: Processing is necessary for our legitimate business interests
4. How We Share Your Information
4.1 With Your Consent
We may share your information with third parties when you provide explicit consent.
4.2 Service Providers
We share information with third-party vendors who perform services on our behalf:
Video conferencing platforms (for telehealth sessions)
Payment processors
Email service providers
Customer relationship management (CRM) systems
Cloud storage providers
Analytics services
All service providers are contractually required to protect your information and use it only for the purposes we specify.
4.3 Healthcare Providers
We may share PHI with:
Referring physicians or specialists
Other healthcare providers involved in your care
Insurance companies for billing purposes
4.4 Legal Requirements
We may disclose information when required by law:
In response to subpoenas, court orders, or legal processes
To comply with regulatory requirements
To protect our rights, property, or safety
To prevent fraud or security threats
4.5 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.6 Aggregated or De-Identified Data
We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, marketing, or other purposes.
5. HIPAA Compliance
5.1 Notice of Privacy Practices
As a covered entity under HIPAA, we maintain a separate Notice of Privacy Practices that describes how we use and disclose Protected Health Information (PHI).
5.2 Your HIPAA Rights
Under HIPAA, you have the right to:
Access and obtain a copy of your health records
Request corrections to your health information
Request restrictions on how we use or disclose your PHI
Receive confidential communications
Receive a paper copy of our Notice of Privacy Practices
File a complaint if you believe your privacy rights have been violated
5.3 Business Associates
Third-party service providers who may access PHI have signed Business Associate Agreements (BAAs) as required by HIPAA.
6. Data Security
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your information:
Encryption of data in transit and at rest
Secure socket layer (SSL) technology
Firewalls and intrusion detection systems
Access controls and authentication
Regular security audits and assessments
Staff training on data protection
6.2 HIPAA-Compliant Platforms
We use HIPAA-compliant platforms for:
Telehealth video sessions
Electronic health records (EHR)
Email communications containing PHI
Cloud storage and backup
6.3 Limitations
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
7.1 Health Records
We retain health records in accordance with applicable laws and professional standards:
Medical records: Minimum 7 years after last treatment (or longer as required by state law)
Billing records: 7 years
Minor records: Until age of majority plus statute of limitations
7.2 Other Information
Account information: Duration of active account plus retention period for legal compliance
Technical data: Typically 12-24 months unless longer retention is required
7.3 Secure Deletion
When information is no longer needed, we securely delete or destroy it in accordance with our data retention policy and applicable laws.
8. Your Privacy Rights
8.1 Access and Portability
You have the right to:
Access the personal information we hold about you
Receive a copy of your information in a portable format
Request transfer of your information to another provider
8.2 Correction
You may request corrections to inaccurate or incomplete information.
8.3 Deletion
You may request deletion of your information, subject to:
Legal retention requirements
Legitimate business purposes
Ongoing treatment relationships
8.4 Restriction and Objection
You may:
Request restrictions on how we process your information
Object to processing based on legitimate interests
Opt-out of marketing communications
8.5 Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time.
8.6 Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
Essential Cookies: Required for site functionality
Analytics Cookies: Help us understand how visitors use our site
Marketing Cookies: Used to deliver relevant advertisements
Preference Cookies: Remember your settings and preferences
9.2 Third-Party Cookies
We may use third-party services that set cookies, including:
Google Analytics (website analytics)
Facebook Pixel (advertising)
HubSpot (customer relationship management)
9.3 Cookie Control
You can control cookies through your browser settings. Note that disabling certain cookies may affect site functionality.
9.4 Do Not Track
Our site does not currently respond to "Do Not Track" browser signals.
10. International Data Transfers
10.1 Cross-Border Transfers
If you are located outside the United States, your information may be transferred to and processed in the United States where our servers are located.
10.2 Safeguards
We implement appropriate safeguards for international transfers, including:
Standard contractual clauses approved by the European Commission
Adequacy decisions where applicable
Other legally recognized transfer mechanisms
10.3 EU-US Data Privacy Framework
[If applicable] We comply with the EU-US Data Privacy Framework as set forth by the US Department of Commerce.
11. Children's Privacy
11.1 Age Restrictions
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent.
11.2 Minors (13-17)
Services for minors aged 13-17 require parental or guardian consent. Parents/guardians have the right to review and request deletion of their child's information.
11.3 Parental Rights
If you believe we have collected information from a child under 13 without consent, please contact us immediately.
12. California Privacy Rights (CCPA)
12.1 California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information
Right to non-discrimination for exercising your rights
12.2 Shine the Light Law
California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.
12.3 How to Exercise Rights
To exercise your California privacy rights, contact us at hello@performxpt.com or call +1 (541) 327-4797.
13. Nevada Privacy Rights
Nevada residents have the right to opt-out of the sale of certain personal information to third parties. We do not currently sell personal information as defined by Nevada law. If you have questions, contact us at hello@performxpt.com.
14. Changes to This Privacy Policy
14.1 Updates
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting to our website.
14.2 Notification
We will notify you of material changes via:
Email to your registered address
Prominent notice on our website
In-app notification (if applicable)
14.3 Continued Use
Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.
15. Contact Us
15.1 Privacy Questions
If you have questions about this Privacy Policy or our privacy practices, contact us:
Grapplers PerformX
Email: hello@performxpt.com
Phone: +1 (541) 327-4797
Address: 1399 Monmouth St, Independence, OR 97351
15.2 HIPAA Privacy Officer
For questions about Protected Health Information or to exercise your HIPAA rights:
Privacy Officer
Email: privacy@performxpt.com
Phone: +1 (541) 327-4797
15.3 Data Protection Officer (EU/UK)
For EU/UK residents with data protection questions:
[Designate DPO contact information if applicable]
16. Your Consent
By using our website or services, you consent to our Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our services.
17. Accessibility
This Privacy Policy is available in accessible formats. If you need assistance accessing this document, please contact us at hello@performxpt.com.
IMPORTANT: This Privacy Policy should be read in conjunction with our Terms of Use and HIPAA Notice of Privacy Practices. In the event of a conflict between this Privacy Policy and the Notice of Privacy Practices regarding Protected Health Information, the Notice of Privacy Practices shall govern.
END OF PRIVACY POLICY